Inductive datatypes in HOL. lessons learned in Formal-Logic Engineering

Transcription

1 Inductive datatypes in HOL lessons learned in Formal-Logic Engineering Stefan Berghofer and Markus Wenzel Institut für Informatik TU München = Isabelle λ β HOL α 1

2 Introduction Applications of inductive datatypes Data structures (lists, trees,...) Abstract syntax of programming languages (e.g. Bali)... What we want simple user-supplied datatype specification datatype package characteristic properties (induction, recursion,...) Different approaches Axiomatic Desired theorems are introduced as axioms ( danger of introducing inconsistencies) Inherent Concept of inductive definitions is part of the logic (e.g. Coq) Definitional Define datatypes in terms of already existing types, derive characteristic theorems from definition by formal proof 2

3 Definitional packages in Isabelle/HOL constdef axclass coinductive inductive typedef datatype recdef primrec record 3

4 Examples datatype α aexp = If (α bexp) (α aexp) (α aexp) Sum (α aexp) (α aexp) Var α Num nat and α bexp = Less (α aexp) (α aexp) And (α bexp) (α bexp) datatype (α, β)term = Var α App β (((α, β)term)list) datatype (α, β, γ)tree = Atom α Branch β (γ (α, β, γ)tree) datatype α lambda = Var α App (α lambda) (α lambda) Lam (α α lambda) 4

5 Limitations of set-theoretic datatypes Cardinality restrictions (Cantor) datatype t = C (t bool) D ((bool t) bool) E ((t bool) bool) F C, D, E would yield injections of type (t bool) t Dangerous type parameters datatype (α, β, γ)t = C (α set) D (β γ) E (γ list) Caution: α and β are dangerous: α occurs as an argument of non-datatype constructor set β occurs as left argument of (i.e. not strictly positive) datatype δ u = F ((δ u, δ, δ)t) G datatype δ u = F ((δ, δ u, δ)t) G datatype δ u = F ((δ, δ, δ u)t) G 5

6 Admissible datatype specifications datatype (α 1,..., α h )t 1 = C 1 1 τ 1 1,1... τ 1 1,m C 1 k 1 τ 1 k 1,1... τ 1 k 1,m 1 k 1 and (α 1,..., α h )t n = C n 1 τ n 1,1... τ n 1,m n 1... C n kn τ n kn,1... τ n kn,m n kn Types τ j i,i must be admissible. A type τ is admissible iff τ is non-recursive (i.e. does not contain t 1,..., t n ), or τ = σ τ, where σ is non-recursive and τ is admissible, or τ = (α 1,..., α h )t j, where 1 j n, or τ = (τ 1,..., τ h )t, where t is an existing datatype, and τ 1,..., τ h are admissible, and if τ i is recursive, then ith argument of t is not dangerous 6

7 Observation: elements of datatypes are trees A universe for recursive types Leaf :: α (α, β)dtree In0, In1 :: (α, β)dtree (α, β)dtree Pair :: (α, β)dtree (α, β)dtree (α, β)dtree Lim :: (β (α, β)dtree) (α, β)dtree embedding non-recursive occurrences of types modeling distinct constructors modeling constructors with multiple arguments embedding function types (infinitary products) Representing trees in HOL position branching label z} { z } { (α, β)node = ( nat (β + nat)) (α + bool) {z } {z } path node value (α, β)dtree = ((α, β)node)set 7

8 Representing trees in HOL a 1 t = {(f 1, a 1 ), (f 2, a 2 ), (f 3, a 3 )} a 2 a where f1 = 1, 0, 0,... f 2 = 2, 1, 0, 0,... f 3 = 2, 2, 0, 0,... t 1 t 2 Pair t 1 t Pair t 1 t 2 (push (Inr 1) t 1 ) (push (Inr 2) t 2 ) f x 1 f x 2... x 1 x 2 Lim f S {z x. z = push (Inl x) (f x)} 8

9 Constructing an example datatype α list datatype α list = Nil Cons α (α list) Inductive definition of the representing set Nil-rep list-rep ys list-rep Cons-rep y ys list-rep Nil-rep In0 dummy Cons-rep y ys In1 (Pair (Leaf y) ys) HOL type definition Abs-list (Rep-list x) = x Abs-list y list-rep = Rep-list (Abs-list y) = y α list Rep-list x list-rep Rep-list (α, unit)dtree list-rep Constructors Nil Abs-list Nil-rep Cons x xs Abs-list (Cons-rep x (Rep-list xs)) Nil Cons x xs because In0 t In1 t Cons x xs = Cons y ys x = y xs = ys because In1, Pair, Leaf, Abs-list and Rep-list are injective 9

10 lfp F = T {x F x x} Inductive definitions and least fixpoints The Knaster-Tarski theorem If F is monotone then lfp F = F (lfp F ) F y y lfp F y F {x P x} {x P x} lfp F {x P x} (weakind) F (lfp F {x P x}) {x P x} lfp F {x P x} (strongind) list-rep as a least fixpoint F L = {x x = Nil-rep y ys. x = Cons-rep y ys ys L} list-rep = lfp F datatype α list = Nil Cons α (α list) list-rep = F list-rep 10

11 Structural induction α list Induction rule for type α list P Nil x xs. P xs = P (Cons x xs) P xs (list-ind) Induction rule for list-rep Q Nil-rep y ys. Q ys ys list-rep = Q (Cons-rep y ys) ys list-rep = Q ys (list-rep-ind) Derivation of list-ind from list-rep-ind = P (Cons y (Abs-list ys))... = P (Abs-list (Cons-rep y (Rep-list (Abs-list ys)))) y ys. P (Abs-list ys) ys list-rep = P (Abs-list (Cons-rep y ys)) Rep-list xs list-rep = P (Abs-list (Rep-list xs)) P xs 11

12 Primitive recursion α list Recursion combinator list-rec :: β (α α list β β) α list β list-rec f 1 f 2 Nil = f 1 list-rec f 1 f 2 (Cons x xs) = f 2 x xs (list-rec f 1 f 2 xs) Example foldl f a Nil = a foldl f a (Cons x xs) = foldl f (f a x) xs can be defined by foldl λf a xs. list-rec (λf a. a) (λx xs r. (λf a. r f (f a x))) xs f a Inductive definition of function graph list-rel (Nil, f 1 ) list-rel f 1 f 2 (xs, y) list-rel f 1 f 2 (Cons x xs, f 2 x xs y) list-rel f 1 f 2 list-rec f 1 f 2 xs εy. (xs, y) list-rel f 1 f 2 show:!y. (xs, y) list-rel f 1 f 2 (by induction on xs) 12

13 Datatypes with nested recursion (α, β)term Unfolding the datatype specification datatype (α, β)term = Var α App β ((α, β)term-list) and (α, β)term-list = Nil Cons ((α, β)term) ((α, β)term-list) The representing sets term-rep, term-list-rep :: ((α + β, unit)dtree)set) ts term-list-rep In0 (Leaf (Inl a)) term-rep In1 (Pair (Leaf (Inr b)) ts) term-rep In0 dummy term-list-rep t term-rep ts term-list-rep In1 (Pair t ts) term-list-rep Representation function (primitive recursive) Rep-term-list Nil = In0 dummy Rep-term-list (Cons t ts) = In1 (Pair (Rep-term t) (Rep-term-list ts)) Abs-term-list inv Rep-term-list list-rep Abs-list ((α, β)term)list Abs-term-list term-list-rep Rep-list Rep-term-list 13

14 (α, β)term continued Constructors Var a Abs-term (In0 (Leaf (Inl a))) App b ts Abs-term (In1 (Pair (Leaf (Inr b)) (Rep-term-list ts))) Induction a. P (Var a) b ts. Q ts = P (App b ts) Q Nil t ts. P t Q ts = Q (Cons t ts) P t Q ts Primitive recursion term-rec f 1... f 4 (Var a) = f 1 a term-rec f 1... f 4 (App b ts) = f 2 b ts (term-list-rec f 1... f 4 ts) term-list-rec f 1... f 4 Nil = f 3 term-list-rec f 1... f 4 (Cons t ts) = f 4 t ts (term-rec f 1... f 4 t) (term-list-rec f 1... f 4 ts) 14

15 Infinitely branching datatypes (α, β, γ)tree The representing set tree-rep :: ((α + β, γ)dtree)set In0 (Leaf (Inl a)) tree-rep where Funs :: β set (α β)set Funs S {g range g S} g Funs tree-rep In1 (Pair (Leaf (Inr b)) (Lim g)) tree-rep Constructors Atom a Abs-tree (In0 (Leaf (Inl a))) Branch b f Abs-tree (In1 (Pair (Leaf (Inr b)) (Lim (Rep-tree f)))) Structural induction a. P (Atom a) b f. ( x. P (f x)) = P (Branch b f) P t 15

16 Primitive recursion (α, β, γ)tree Recursion combinator tree-rec :: (α δ) (β (γ (α, β, γ)tree) (γ δ) δ) (α, β, γ)tree δ tree-rec f 1 f 2 (Atom a) = f 1 a tree-rec f 1 f 2 (Branch b f) = f 2 b f ((tree-rec f 1 f 2 ) f) Example member c (Atom a) = (a = c) member c (Branch b f) = ( x. member c (f x)) can be defined by member λc. tree-rec (λa. a = c) (λb f f. x. f x) Inductive definition of function graph tree-rel (Atom a, f 1 a) tree-rel f 1 f 2 (Branch b f, f 2 b f f ) tree-rel f 1 f 2 f compose f (tree-rel f 1 f 2 ) where compose :: (α β) (β γ)set (α γ)set compose f R {f x. (f x, f x) R} 16

17 Lessons learned Approaches to theory extension mechanisms definitional The logic of choice? take HOL as is ( simply typed, classical set theory) Layered arrangements of concepts ( deep vs. shallow embedding) extra-logical notion of admissibility extra-logical unfolding System integration Bootstrapping problem: universe dtree depends on types nat, α + β, α β Represent these { types as datatypes } { later! } freeness, primitive recursion, rep-datatype: induction representation function More uniform treatment of types Cooperation of packages: not just logical theory extension, also additional information ( theory data concept) 17

18 Conclusion Achievements Set theoretic construction of mutually recursive nested arbitrarily branching types, together with primitive recursion Knaster-Tarski fixpoint approach Scalable and robust working environment Further work Actual combination of definitional packages Codatatypes (mixing with datatypes?) Non-freely generated types: implement by datatype α t = C α D ((α t)finset) datatype α t = C α D ((α t)list) quotient construction 18